
SANJAYA KALPAGE
+94-772531381 | sanjaya.kalpage@gmail.com
SENIOR SYSTEMS AUDITOR (ICT)
Colombo, Sri Lanka

PROFESSIONAL SUMMARY

Results-driven professional with 17+ years in the financial industry, including more than a decade in IT security auditing. Proficient in assessing cybersecurity controls across business applications, processes and related IT infrastructure. Skilled in diverse security technologies and IT governance frameworks to uphold data confidentiality, integrity, and availability in line with business goals. Eager to self-learn any technical domain to tackle fresh job challenges and effective in communicating findings and advancing cybersecurity measures.

WORK EXPERIENCE

SYSTEMS AUDIT DEPARTMENT, SAMPATH BANK PLC
Colombo, Sri Lanka | 2013 – Present
Senior Executive I, 2023 – Present
Executive II, 2019 – 2023
Executive I, 2016 – 2019
Junior Executive II, 2013 – 2016

- Conduct cybersecurity assessments and pre/post implementation audits to identify vulnerabilities, threats, and the robustness of security controls in web and mobile applications, as well as related IT infrastructure (including databases and network communication). Notable systems audited include:
  - CyberArk Privileged Access Management (PAM)
  - Oracle Audit Vault
  - IBM Enterprise Service Bus (ESB)
  - Apache Spark Data Lake
  - Infosys Finacle Core Banking system
  - TSYS PRIME Card & Payment system
  - EMV (Europay, MasterCard and Visa) Acquiring Project
  - Oberthur Card Personalization System
  - Paycorp Internet Payment Gateway
  - WePay Digital Wallet and Sampath Vishwa Mobile Apps
- Ensure the confidentiality, integrity, and availability of sensitive data by assessing data protection measures, encryption, and backup processes.
- Regularly assess the hardening status of servers, endpoint devices, and network security devices utilizing industry-standard hardening guidelines to confirm their proactive protection against cyber threats.
- Act as the ISO Lead Auditor to conduct the annual ISO 27001:2013 surveillance audit to verify the effectiveness of the Bank's Information Security Management System (ISMS) and report non-compliance issues.
- Ensure that vulnerability assessments and penetration tests are conducted to enhance the organization's resilience against potential cyber threats.
- Review and assess the adequacy of IT security policies, procedures, and guidelines. Recommend improvements or updates as needed.
- Investigate security breaches in information systems to identify root causes and deliver recommendations to prevent future occurrences.
- Collaborate with cross-functional teams and ensure that the organization complies with relevant laws, regulations, and industry standards related to cybersecurity and data protection.
- Conduct evaluations of the organization's IT infrastructure to gauge its readiness for disaster recovery, encompassing business impact analyses (BIAs), annual testing, and assessments of site adequacy.
- Serve as a technical committee member in IT security projects (e.g., DLP, SOC, SIEM) to ensure alignment with information security requirements.
- Support management in identifying and evaluating technology-related risks within business processes, assessing the sufficiency of risk-based controls.
- Conduct security and control assessments in the bank's IT department and its subsidiaries to evaluate the overall defenses against cyber threats, while giving priority to the following critical areas:
  - Risk assessment and treatment
  - Privileged access management
  - Information classification
  - Hardware & software licensing
  - Network segregation
  - Segregation of duties
  - Data backups and restoration
  - Server maintenance & hardening
  - Network and endpoint security
  - Active Directory configurations
  - Firewall / Router / IPS management
  - VAPTs and remediation
  - VPN configurations and controls
  - Event log management
  - Management of cryptographic keys
  - Change management
  - Vendor management
  - Physical access management
  - Asset classification
  - Media sanitization
- Communicate technical findings to management using accessible language and ensure follow-up until issues are rectified.
- Stay current with emerging cyber threats and industry best practices to proactively fortify information security and cyber security defenses.
- Deliver training sessions to subordinates on the latest threats and information security requirements.

BRANCH OPERATIONS, SAMPATH BANK PLC
Colombo, Sri Lanka | 2006 – 2013
Junior Executive I, 2008 – 2013
Trainee Staff Assistant, 2006 – 2008

- Established a robust operational foundation with seven years of hands-on experience in business transactions, internal controls and compliance, providing a unique perspective for evaluating security controls in any domain, effectively bridging the gap between IT and business.

CERTIFICATIONS

- Certified Information Security Manager (CISM), ISACA, 2023
- Certified Information Systems Security Professional (CISSP), ISC2, 2021
- Certified Information Systems Auditor (CISA), ISACA, 2018
- ISO 27001:2013 Certified Lead Auditor, Bureau Veritas, 2018

EDUCATION

- Master of Business Administration, Anglia Ruskin University, UK, 2018
- Bachelor of Information Technology (BIT), University of Colombo School of Computing (UCSC), Sri Lanka, 2012

SKILLS

TECHNICAL
- Cyber Security
- SQL, PowerShell, Bash
- ISO 27001, COBIT
- IT Governance & Compliance
- Risk Assessment & Treatment
- Security Control Evaluation
- Technical Writing
- Eager to self-learn any tech skills

PROFESSIONAL
- Adaptability
- Critical Thinking
- Strong Analytical Skills
- Logical Reasoning
- Attention to Detail
- Decision Making
- Collaboration

INTERESTS

Tech Enthusiast, Badminton, Singing, Traveling, Movies

REFERENCES

Mr. Thushara Jayathunga
Manager Cybersecurity, Internal Audit, National Australia Bank.
+61448210359 | thushara.jayathunga@nab.com.au

Mr. Supun Samaraweera
Technical Lead / Team Lead, London Stock Exchange Group, IT Department Post Trade Markets / London Clearing House.
+94 5360090 | +94 714703839 | supun.samaraweera@lseg.com
